Commits on Source (28)
......@@ -204,7 +204,8 @@ function updateRenew() {
return FALSE;
}
$sucsDB->Execute("update members set paid=?, lastupdate=DEFAULT, lastedit=uid where uid=?", array($paydate, $member['uid']));
include_once("../lib/member_functions.php");
renew_membership($member['username']);
$sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
return TRUE;
}
......
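Review bot: The result of `renew_membership($member['username'])` in updateRenew() is never checked, so the function still marks the signup row activated and returns TRUE when the renewal did not happen. The statement it appears to replace wrote `$paydate` and the member's own uid into `paid`/`lastedit`, whereas the helper shown later on this page takes only the username and writes `paidUntil(time())` and `"99999"`, so `$paydate` no longer reaches the members row; please confirm that is intended. If the helper returned a boolean, `if (!renew_membership($member['username'])) { return FALSE; }` would keep the existing failure contract. updateRenew() begins outside this hunk.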
<?PHP
/***
* SU Signup admin
* Allows us to search the SU api for a given student number and checks if they're a SUCS member.
* If they are - allows account renewal
* If not - allows signup to be bootstrapped as per susignup component
***/
<?php
// gib errars plox
//error_reporting(E_ALL);
//ini_set('display_errors', 1);
// include functions and shit we need
include("../lib/member_functions.php");
include("../lib/date.php");
include("../suapi.inc.php");
include("../lib/suapiv2.php");
//Restrict access to staff.
$permission="sucsstaff";
$apibaseurl="https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx";
// if they have the right privs then lets do shit
if (isset($session->groups[$permission])) {
//Setup smarty magic, step 1
$smarty->assign("staff", TRUE);
// if no mode has been requested then show options
if(!isset($_REQUEST['mode'])) {
$mode = 'menu';
} else {
$mode = urldecode($_REQUEST['mode']);
}
// We have a mode, lets try and work out wtf they want to do
// they have typed in a sid and want to bootstrap the signup processs
if ($mode == 'search') {
if (empty($_REQUEST['sid']) || empty($_REQUEST['snsubmit'])) {
$mode = 'error';
$smarty->assign("error_text", "Invalid search request");
$smarty->assign("error_text", "Invalid search request");
}else{
$pres=preg_match("/^[0-9]{6}$/",$_REQUEST['sid'],$sid);
if ($pres!=1) {
$mode = 'error';
$smarty->assign("error_text", "Search term doesn't look like a valid student ID");
} else {
$url = "$apibaseurl/IsPersonMember?strCriteria=".$sid[0]."&GroupingId=6613";
$apiReq = curl_init();
curl_setopt($apiReq, CURLOPT_URL, $url);
curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
$apiResult = curl_exec($apiReq);
if ($apiResult === FALSE) {
$mode = 'error';
$smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
}else {
// Ostensibly we now have a valid search result from the SU - go to work
libxml_use_internal_errors(true);
$xml=simplexml_load_string($apiResult);
if (!$xml||isset($xml->head->title)) {
$mode='error';
$smarty->assign("error_text", "An error occurred communicating with the SUSU API");
} else {
$ismember = $xml[0];
if ($ismember=="true") {
//Yay, we have a student who has paid and needs to be signed up.
//Check they don't have a signup slip already
$query = "SELECT transactionid, signupid FROM transactions WHERE cardNumber = ?;";
$qres = $sucsDB->Execute($query, $sid);
if ($qres->RecordCount()==0) {
// No transaction, but might have unused signup slip. If so, retrieve values.
$query = "SELECT id, username, password FROM signup WHERE sid=?;";
$qres = $sucsDB->Execute($query, array($sid[0]));
if ($qres && $qres->RecordCount() > 0) {
if ($qres->RecordCount() > 1) {
$mode='error';
$smarty->assign("error_text", "Student has multiple signup slips in the DB. Bork! Bork! Bork!");
} else if (!empty($qres->fields['username'])) {
$mode='error';
$smarty->assign("error_text", "Student hasn't tried to use the SU signup component (No transaction in DB), but has a previously used Signup Slip with username ".$qres->fields['username'].".<br />Is this a renewal? If not, ask an admin to generate a new signup slip for this student");
//TODO: Add option to generate new signup slip?
} else {
$id = $qres->fields['id'];
$pass = $qres->fields['password'];
}
} else {
$pass = make_password();
$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
$attribs[]=$pass;
$attribs[]=$sid[0];
$attribs[]='99999'; //SUCS Magic internal use UID
$id = $sucsDB->Execute($query,$attribs);
$id = $id->fields['id'];
if (!$id) {
$mode="error";
$smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
} else {
$smarty->assign('slipid', $id);
$smarty->assign('slippass', $pass);
$smarty->assign('sid', $sid[0]);
}
}
} else {
//Retrieve existing slip
$id = $qres->fields['signupid'];
$tid = $qres->fields['transactionid'];
if (empty($id)) {
$pass = make_password();
$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
$attribs[]=$pass;
$attribs[]=$sid[0];
$attribs[]='99999'; //SUCS Magic internal use UID
$qres = $sucsDB->Execute($query,$attribs);
if (!$qres) {
$mode="error";
$smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
} else {
$id = $qres->fields['id'];
$query = "UPDATE transactions SET signupid=? WHERE transactionid=?;";
$qres = $sucsDB->Execute($query, array($id, $tid));
$smarty->assign('slipid', $id);
$smarty->assign('slippass', $pass);
$smarty->assign('sid', $sid[0]);
}
}else {
$query = "SELECT username, password FROM signup WHERE id=?;";
$qres = $sucsDB->Execute($query, array($id));
if (!$qres) {
$mode="error";
$smarty->assign("error_text", "The user appears to have generated a signup ID using the SU Signup system (Slip ID: ".$id."), but the password for that slip can't be retrieved.<br />Request assistance.");
} else if ($qres->fields['username'] !== NULL) {
$mode="error";
$smarty->assign("error_text", "This user appears to have completed signup, with username <strong>".$qres->fields['username']."</strong><br />Check that this user exists, and offer to reset their password if necessary.");
}
$pass = $qres->fields['password'];
$smarty->assign('slipid', $id);
$smarty->assign('slippass', $pass);
$smarty->assign('sid', $sid[0]);
}
}
if(!$mode=='error') {
//Right, this should be the point where we hand off to signup
$smarty->assign('slipid', $id);
$smarty->assign('slippass', $pass);
$smarty->assign('sid', $sid[0]);
}
}else{
$mode='error';
$smarty->assign("error_text", "Student does not appear to have paid. Extract fees");
}
}
}
}
}
} else if ($mode=="renew") {
if (empty($_REQUEST['member'])){
$mode='error';
$smarty->assign('error_text',"Can't renew a member without knowing their username!");
} else if (!isset($_REQUEST['renewconf'])) {
//Should be trying to renew $_REQUEST['member']
$username=urldecode($_REQUEST['member']);
$q = "SELECT username, typename, sid, paid, email FROM members, member_type WHERE username=?";
$res = $sucsDB->Execute($q,array($username));
if (!$res) {
$mode='error';
$smarty->assign('error_text', "A database error occurred while trying to retrieve member details");
} else if ($res->fields['paid'] == paidUntil(time())) {
$mode='error';
$smarty->assign('error_text', 'User appears to have been renewed already?');
} else {
$smarty->assign('renew_user', $username);
$smarty->assign('renew_paid', $res->fields['paid']);
$smarty->assign('renew_type', $res->fields['typename']);
$url = "$apibaseurl/IsPersonMember?strCriteria=".$res->fields['sid']."&GroupingId=6613";
$apiReq = curl_init();
curl_setopt($apiReq, CURLOPT_URL, $url);
curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
$apiResult = curl_exec($apiReq);
libxml_use_internal_errors(true);
$xml=simplexml_load_string($apiResult);
if (!$xml || isset($xml->head->title)) {
$mode='error';
$smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
} else {
$ismember = $xml[0];
$user = posix_getpwnam($session->username);
if ($ismember!="true") {
$mode='error';
$smarty->assign('error_text', 'Member does not appear to have paid via the SU system. Use the old renewals system if they have paid using some other method');;
} else {
if (renew_member($username, $user['uid'], $user['name'])) {
message_flash("Successfully renewed");
$mode='menu';
// they have given us a valid sid lets check to see if they have paid
// make sure the user/admin/exec isn't an idiot
// check if they are already signed up and tell them so
$tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($_REQUEST['sid']));
if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){
// let them know they are already signed up and renewed
message_flash("You are a numpty and have already signed up and paid for this year.");
// else if check to see if they have signedup and paid for the new year but haven't renewed
} else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){
// renew them!
renew_membership($tmpresult->fields["username"]);
// let them know that their account has been renewed
message_flash("Your SUCS account has been renewed.");
}else{
if (check_su_sid($_REQUEST['sid'])) {
// lets make them a signup slip
$pass = make_password();
$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
$attribs[]=$pass;
$attribs[]=$_REQUEST['sid'];
$attribs[]='99999'; //SUCS Magic internal use UID
$id = $sucsDB->Execute($query,$attribs);
$id = $id->fields['id'];
if (!$id) {
$mode="error";
$smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
} else {
$mode='error';
$smarty->assign('error_text', 'An error occurred renewing account '.$username);
$smarty->assign('slipid', $id);
$smarty->assign('slippass', $pass);
$smarty->assign('sid', $_REQUEST['sid']);
}
}else{
$mode='error';
$smarty->assign("error_text", "Student does not appear to have paid. Extract fees");
}
}
}
}
// mass renewals page
} else if ($mode == 'renewals') {
//Get list of members according to the SU
$url = "$apibaseurl/GetMemberListData?GroupingId=6613";
$apiReq = curl_init();
curl_setopt($apiReq, CURLOPT_URL, $url);
curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
$apiResult = curl_exec($apiReq);
$sumembers = su_response_decode($apiResult);
if (!$sumembers) {
$mode ='error';
$smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
} else {
$matches = array();
$others=0;
$paidup=0;
foreach ($sumembers as $sumem) {
$sucsmem = get_sucs_record($sumem['uni_card_number']);
foreach ($just_members as $sumem) {
$sucsmem = get_sucs_record($sumem['card_number']);
if ($sucsmem && $sucsmem['paid'] != paidUntil(time()) && $sucsmem['type']==1) {
$matches[]=array($sumem['firstName']." ".$sumem['lastName'], $sucsmem['realname'], $sumem['uni_card_number'], $sucsmem['username'], $sucsmem['paid']);
$matches[]=array($sumem['purchaser'], $sucsmem['realname'], $sumem['card_number'], $sucsmem['username'], $sucsmem['paid']);
} else if ($sucsmem && $sucsmem['paid'] == paidUntil(time())) {
$others++;
$paidup++;
......@@ -238,7 +98,6 @@ if (isset($session->groups[$permission])) {
$smarty->assign("others", $others);
$smarty->assign("paidup", $paidup);
$smarty->assign("pending", $others - $paidup);
}
} else if ($mode == 'renewals2') {
$failures = array();
$successes = array();
......@@ -248,8 +107,7 @@ if (isset($session->groups[$permission])) {
$smarty->assign("error_text", "Can't renew an empty list!");
} else {
foreach($_REQUEST['renew'] as $user) {
$admin_user=posix_getpwnam($session->username);
if (renew_member($user, $admin_user['uid'], $admin_user['name'])) {
if (admin_renew_member($user, $session->username)) {
$successes[]=$user;
} else {
$failures[]=$user;
......@@ -261,27 +119,13 @@ if (isset($session->groups[$permission])) {
$smarty->assign("successes", count($successes));
}
} else if ($mode == 'list') {
//Get list of members according to the SU
$url="$apibaseurl/GetMemberListData?GroupingId=6613";
$apiReq = curl_init();
curl_setopt($apiReq, CURLOPT_URL, $url);
curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
$apiResult = curl_exec($apiReq);
$sumembers = su_response_decode($apiResult);
if (!$sumembers) {
$mode='error';
$smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
} else {
$matches = array();
foreach ($sumembers as $sumem) {
$sucsmem = get_sucs_record($sumem['uni_card_number']);
foreach ($just_members as $sumem) {
$sucsmem = get_sucs_record($sumem['card_number']);
if ($sucsmem) {
$matches[]=array($sumem['firstName']." ".$sumem['lastName'], $sucsmem['realname'], $sumem['uni_card_number'], $sucsmem['username'], $sucsmem['paid']);
$matches[]=array($sumem['purchaser'], $sucsmem['realname'], $sumem['card_number'], $sucsmem['username'], $sucsmem['paid']);
} else {
$matches[]=array($sumem['firstName']." ".$sumem['lastName'], "N/A", $sumem['uni_card_number'], "N/A", "Not signed up");
$matches[]=array($sumem['purchaser'], "N/A", $sumem['card_number'], "N/A", "Not signed up");
}
}
function sortbypaid($a, $b) {
......@@ -290,7 +134,6 @@ if (isset($session->groups[$permission])) {
}
usort($matches, 'sortbypaid');
$smarty->assign("matches", $matches);
}
}
$smarty->assign('renewables', get_renewable_members());
}
......@@ -302,17 +145,6 @@ $body = $smarty->fetch("susignup-admin.tpl");
$smarty->assign('body', $body);
$smarty->assign("extra_styles", array("$baseurl/css/susignup-admin.css"));
function su_response_decode($text) {
global $smarty;
libxml_use_internal_errors(true);
$xml=simplexml_load_string($text);
if (!$xml || isset($xml->head->title)) {
return false;
} else {
return json_decode($xml[0],TRUE);
}
}
function get_sucs_record($sid) {
global $sucsDB;
......@@ -338,37 +170,18 @@ function get_renewable_members() {
return $retvals;
}
function renew_member($renew_name, $admin_uid, $admin_name) {
global $sucsDB;
$q="UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?;";
$r=$sucsDB->Execute($q, array(paidUntil(time()), $admin_uid, $renew_name));
if (!$r) {
print $sucsDB->ErrorMsg();
return FALSE;
} else {
function admin_renew_member($renew_name, $admin_name) {
global $sucsDB;
renew_member($renew_name);
$q="SELECT email, typename FROM members, member_type WHERE username=? AND type=member_type.id;";
$r=$sucsDB->Execute($q, array($renew_name));
$message = "Account Renewal notification\n\n";
$message .= "Account : ".$renew_name."\n";
$message .= "User Type : ".$r->fields['typename']."\n";
$message .= "Renewed by: ".$admin_name."\n\n";
$message .= "**** Payment was made via the SU payments system ****\n";
$message .= "Regards\n The SU Renewals script";
mail("treasurer@sucs.org","Account Renewal",$message);
$message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n";
$message .= "Username: ".$renew_name."\n";
$message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n";
$message .= "Regards\n The SUCS admin";
$header = "From: admin@sucs.org\r\n";
$header .= "Reply-To: admin@sucs.org";
// Personal account
mail($r->fields['email'],"SUCS account renewal",$message,$header);
// sucs account
mail($renew_name."@sucs.org","SUCS account renewal",$message,$header);
mail("exec@sucs.org","Account Renewal",$message);
return TRUE;
}
}
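Review bot: `admin_renew_member()` calls `renew_member($renew_name);`, but the three-argument `renew_member()` definition looks like the code this section replaces, and the helper added in lib/member_functions.php is named `renew_membership`. Unless `renew_member` is still defined elsewhere, the `renewals2` loop will stop on an undefined-function error at the first user, so the call should read `renew_membership($renew_name);`. The function also returns TRUE unconditionally, so `$failures` in that branch can never be populated; returning the helper's result would fix that. Separately, the rewritten search branch passes `$_REQUEST['sid']` straight to the query, to `check_su_sid()` and to the template, and the `^[0-9]{6}$` check appears to be among the removed lines; keeping that validation ahead of the lookups would preserve the old input contract.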
<?php
//unique society identifier
$GroupingID = "6613";
// gib errars plox
//error_reporting(E_ALL);
//ini_set('display_errors', 1);
// this is the php for sucs.org/susignup
// Include shit we need. like the renew_membership fucntion
include "../lib/member_functions.php";
include "../lib/date.php";
include "../suapi.inc.php";
// include the suapiv2 stuff like check_su_sid_and_trans()
include "../lib/suapiv2.php";
// since the rewrite by ~imranh this no longer sends out emails
// feel free to add it
// Where do errors go?
$error_email = "admin@sucs.org";
// By default display a page asking for sid and transid
// this is called "login"
$mode = 'login';
//login
// if somone has post'd data to the page then do shit
if(!empty($_REQUEST['sid'])&&!empty($_REQUEST['transactionID'])){
//set signup details
// stick the post'd data in a variable we can call easily
$sid = $_REQUEST['sid'];
$transactionID = $_REQUEST['transactionID'];
//set POST variables
$url = "https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx/GetMemberByTransactionID";
$fields = array(
'transactionID'=>urlencode($transactionID),
'GroupingID'=>urlencode($GroupingID),
);
//url-ify the data for the POST
$field_string = "";
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
if(!$result){
$mode = "error";
$smarty->assign("error_text", "Invalid query returned");
} else {
libxml_use_internal_errors(true);
$xml=simplexml_load_string($result);
if (!$xml||isset($xml->head->title)) {
$mode='error';
$smarty->assign("error_text", "An error occurred communicating with the SUSU API");
} else{
$re1='.*?';
$re2='(\\{.*?\\})';
if ($c=preg_match_all ("/".$re1.$re2."/is", $result, $matches))
{
$json_string=$matches[1][0];
} else{
$mode = "error";
}
$array = json_decode($json_string,TRUE);
if($array['cardNumber'] == $sid && $sid != ""){
$mode = 'form';
// SET THIS FOR DEBUG MODE
// $sucsDB->debug = true;
$fullName = $array['firstName']." ".$array['lastName'];
$query = "INSERT INTO transactions (transactionID,fullName,emailAddress,cardNumber,personID) values(?, ?, ?, ?, ?)";
$attribs[] = $transactionID;
$attribs[] = $fullName;
$attribs[] = $array['emailAddress'];
$attribs[] = $array['cardNumber'];
$attribs[] = $array['personID'];
$valid = true;
if(!$sucsDB->Execute($query,$attribs)) {
// We did this because Adodb ErrorNo command is broken
$query = "SELECT * FROM transactions WHERE transactionID = ?";
unset($attribs);
$attribs[]=$transactionID;
if($sucsDB->Execute($query,$attribs)) {
$query = "SELECT * FROM transactions WHERE transactionID = ?";
$attribs= array();
$attribs[]=$transactionID;
$data = $sucsDB->GetAll($query,$attribs);
if(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']==NULL){
// As it stands this shouldn't happen but if it does, no reason not to let them carry on
$valid = true;
} elseif(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']!=NULL) {
$query = "SELECT * FROM signup WHERE sid = ?";
unset($attribs);
$attribs[]=$sid;
$data = $sucsDB->Execute($query, $attribs);
if(!$data) {
mail(
$error_email,
"SUSignup Error",
"An error occured in the susignup system at stage 0\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$valid=false;
} else if($data->fields['username']!=NULL){
$smarty->assign("username", $data->fields['username']);
$mode='numpty2';
// This happens if they already ahve a SUCS account and are trying to create a new signupid
$valid = false;
} else {
$smarty->assign("id", $data->fields['id']);
$smarty->assign("pass", $data->fields['password']);
$mode='numpty';
// If this happens they tried to get a new signupid/pass after already getting one, and should get weekly reminders about it
$valid = false;
}
} else {
$mode="error";
mail(
$error_email,
"SUSignup Error",
"An error occured in the susignup system at stage 1\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$valid = false;
}
} else {
$mode="error";
mail(
$error_email,
"SUSignup Error",
"An error occured in the susignup system at stage 2\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
$valid = false;
}
}
if($valid)
{
unset($attribs);
unset($query);
$query = "SELECT * FROM members WHERE sid = ?";
$attribs[] = $sid;
unset($data);
$data = $sucsDB->Execute($query, $attribs);
if (!$data) {
$mode = "error";
$smarty->assign("error_text", "Error in internal database check");
} elseif ($data->RecordCount()==1) {
$mode = "renew";
$q="UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?;";
$r=$sucsDB->Execute($q, array(paidUntil(time()), '99999', $data->fields['username']));
if (!$r) {
mail(
$error_email,
"SUSignup Error",
"An error occured in the susignup system at stage 2.5\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
} else {
$q="SELECT email, typename FROM members, member_type WHERE username=? AND type=member_type.id;";
$r=$sucsDB->Execute($q, array($data->fields['username']));
$message = "Account Renewal notification\n\n";
$message .= "Account : ".$data->fields['username']."\n";
$message .= "User Type : ".$r->fields['typename']."\n";
$message .= "Renewed by: ".$data->fields['username'].".\n\n";
$message .= "**** Payment was made via the SU payments system ****\n";
$message .= "Regards\n The SU Renewals script";
mail("treasurer@sucs.org","Account Renewal",$message);
$message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n";
$message .= "Username: ".$renew_name."\n";
$message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n";
$message .= "Regards\n The SUCS admin";
$header = "From: admin@sucs.org\r\n";
$header .= "Reply-To: admin@sucs.org";
// Personal account
mail($r->fields['email'],"SUCS account renewal",$message,$header);
// sucs account
mail($data->fields['username']."@sucs.org","SUCS account renewal",$message,$header);
unset($query);
unset($attribs);
$query = "UPDATE transactions set signupid=? WHERE transactionID=?";
$attribs[]="000";
$attribs[]=$transactionID;
$data = $sucsDB->Execute($query,$attribs);
if (!$data) {
$mode="error";
mail(
$error_email,
"SUSignup Error",
"An error occured in the susignup system at stage 2.6\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
}
} else {
$pass = make_password();
unset($query);
$query = "insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id";
unset($attribs);
$attribs[]=$pass;
$attribs[]=$array['cardNumber'];
$attribs[]='99999';
$iddata = $sucsDB->Execute($query,$attribs);
$id = $iddata->fields['id'];
if (!$iddata) {
$mode="error";
mail(
$error_email,
"SUSignup Error",
"An error occured in the susignup system at stage 3\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
} else {
$query = "update transactions set signupid=? WHERE transactionID=?";
unset($attribs);
$attribs[]=$id;
$attribs[]=$transactionID;
if(!$sucsDB->Execute($query,$attribs)) {
$mode="error";
mail(
$error_email,
"SUSignup Error",
"An error occured in the susignup system at stage 4\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
"From: \"SUCS Admin\" <admin@sucs.org>"
);
print($sucsDB->ErrorMsg());
} else {
$smarty->assign("id", $id);
$smarty->assign("pass", $pass);
mail(
$array['emailAddress'].','.$sid.'@swansea.ac.uk',
"SUCS Signup Information",
"Thankyou for joining Swansea University Computer Society, your signup details are below;\nSignupID: $id\nSignup Password: $pass\nIf you have successfully completed signup immediately then you can disregard this message.\n\nSUCS Admin Team.",
"From: \"SUCS Admin\" <admin@sucs.org>"
);
}
}
}
}
}
// check if the data posted is valid
if(check_su_sid_and_trans($sid,$transactionID)){
// check to see if they are already a valid and paid member
$tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($sid));
if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){
// let them know they are already signed up and renewed
message_flash("You are a numpty and have already signed up and paid for this year.");
// else if check to see if they have signedup and paid for the new year but haven't renewed
}else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){
// renew them!
renew_membership($tmpresult->fields["username"]);
// let them know that their account has been renewed
message_flash("Your SUCS account has been renewed.");
// else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup
$singuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid));
} else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid) {
$mode = "form";
$smarty->assign("id",$signuptmpresult->fields["id"]);
$smarty->assign("pass",$signuptmpresult->fields["password"]);
// else if they aren't in the SUCS DB, then bootstrap signup process
} else if ($tmpresult->fields == false && $signuptmpresult->fields == false) {
$mode = "form";
$pass = make_password();
$iddata = $sucsDB->Execute("insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id",array($pass,$sid,"99999"));
$id = $iddata->fields['id'];
$smarty->assign("id", $id);
$smarty->assign("pass", $pass);
} else {
// they should never get here
echo("fuck you");
}
} else {
trigger_error("That Student Number and Transaction ID combo are invalid.", E_USER_ERROR);
}
}
$smarty->assign("mode", $mode);
$output = $smarty->fetch("susignup.tpl");
......
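Review bot: The signup-slip lookup is assigned to `$singuptmpresult` (typo) and sits inside the renewal branch, so the two later `else if` conditions read an undefined `$signuptmpresult`. As far as the visible lines show, a student with no members row therefore always falls into the last `else if` and gets a new signup slip inserted on every submit, even when an unused slip already exists. Move the query above the `if` chain and fix the name: `$signuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid));`. The final `else` echoes an insult to the visitor, and `trigger_error(..., E_USER_ERROR)` aborts the page rather than setting `$mode` and an `error_text`, so neither failure path renders through the template.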
......@@ -107,4 +107,31 @@ function generateLdif($uid, $password, $type, $realname, $username){
return $ldif;
}
// function to renew a persons sucs membership
function renew_membership($username) {
// get their details from the sucs db
$userdata = $sucsDB->Execute("SELECT * FROM members WHERE username=?", array($username));
// include the date file so we can call the paidUntil function
include_once("date.php");
// Update their record in the DB
$sucsDB->Execute("UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?", array(paidUntil(time()), "99999", $username));
// Give them their 200 print credits
exec("/usr/local/sbin/printerrenew.apache ${username} 200");
// apprently sending them an email confirming so is nice
$message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n";
$message .= "Username: ${username}\n";
$message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n";
$message .= "Regards\n The SUCS admin";
$header = "From: admin@sucs.org\r\n";
$header .= "Reply-To: admin@sucs.org";
// send it to their personal account
mail($userdata->fields['email'],"SUCS account renewal",$message,$header);
}
?>
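Review bot: `renew_membership()` uses `$sucsDB` without declaring it, so inside the function it is an undefined local and the first `$sucsDB->Execute(...)` call fails. The other helpers on this page start with `global $sucsDB;`, and this one needs the same line. The `exec()` call also interpolates `${username}` into a shell command line unquoted; pass it through `escapeshellarg()`, e.g. `exec("/usr/local/sbin/printerrenew.apache " . escapeshellarg($username) . " 200");`. The function returns nothing and ignores the result of the UPDATE and of `exec()`, so callers cannot tell a failed renewal from a successful one; returning a boolean would let them.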
<?php
// sorry
// gib errars plox
//error_reporting(E_ALL);
//ini_set('display_errors', 1);
// without this the entire thing doesn't work
include_once("../suapiv2-key.php");
//SUCS Org ID According to the SU
$orgid = "6613";
$apibaseurl = "http://su-apiv2.sucs.org/?apikey=${apikey}&orgid=${orgid}";
// Get the shit json the suapiv2 spits out
$ch = curl_init($apibaseurl);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, TRUE);
$raw_data = curl_exec($ch);
curl_close($ch);
$formated_raw_data = json_decode($raw_data, true); //convert it into php arrays
/*
* $membership_data is an array where each type of memebrship is it;s own array
* Insdie each of those arrays the actual arrary of members is under ["Detail_Collection"]["Detail"]
* So $membership_data[0]["Detail_Collection"]["Detail"][0] will get you the array containing the
* first member in the data
*/
$membership_data = $formated_raw_data["table1"]["table1_Product_Collection"]["table1_Product"];
// make a new array that just contains *every* member no matter what they bought
$just_members = array();
foreach ($membership_data as $typeOfMember) {
foreach ($typeOfMember["Detail_Collection"]["Detail"] as $member) {
array_push($just_members, $member["@attributes"]);
}
}
/* You can now use $just_members to probe member detials. It's an array of arrays which each contain:
* transaction_id (recepit id)
* purchaser (full name)
* textbox6 (under 18 or not) NOT SURE OF THE FORMAT
* card_number (student number)
* shop_name (where they bought sucs memebrship)
* qty (how many sucs memebrships they bought)
* purchase_date (timestamp of when they bought memebrship)4
*/
/*
* Used by /susignup to verify that the stduent number and transaction id combo are valid
* returns true or false
*/
function check_su_sid_and_trans($sid, $transid) {
global $just_members;
foreach ($just_members as $member) {
if ($sid == $member["card_number"] && $transid == $member["transaction_id"]) {
return true;
}
}
return false;
}
/*
* Used to verify taht a given stduent number has paid for membership via the su system.
* returns false or true
*/
function check_su_sid($sid) {
global $just_members;
foreach ($just_members as $member) {
if ($sid == $member["card_number"]) {
return true;
}
}
return false;
}
?>
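Review bot: `$apibaseurl` is built with `http://` and carries `${apikey}` in the query string, so the API key and the member list it returns cross the network unencrypted; this should be an `https://` URL with curl's certificate verification left at its defaults. The response is also used unchecked: if `curl_exec()` returns false or `json_decode()` returns null, the `foreach` over `$membership_data` runs on null and `$just_members` stays empty, which makes `check_su_sid()` and `check_su_sid_and_trans()` return false for everyone. Because the fetch runs at include time, a guard on `is_array($formated_raw_data)` that logs the failure would make an API outage distinguishable from "has not paid". Both check functions compare request strings with `==`; `(string)$sid === (string)$member["card_number"]` avoids PHP's numeric-string coercion.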
......@@ -67,7 +67,7 @@ The following accounts failed to renew:
The details are:<br />
<strong>Slip ID: </strong> {$slipid}<br />
<strong>Slip Password: </strong> {$slippass} <br />
<form action="https://sucs.org/signup/" method="post">
<form action="{$baseurl}/signup/" method="post">
<input type=hidden name="signupid" id="id" value="{$slipid}" />
<input type=hidden name="signuppw" id="pass" value="{$slippass}" />
<input type=submit name="submit" value="Proceed" />
......
......@@ -23,38 +23,18 @@
<div class="hollowfoot"><div><div></div></div></div>
</div>
</form>
{elseif $mode=='form' || $mode=="re-form"}
{elseif $mode=='form'}
<h1>Signup</h1>
<p>To continue signup later please use the link below to dispay and print off your signup slip</p>
<form action="https://sucs.org/~kais58/sucstest/sucs/generate.php" method="post" target="_blank">
<input type=hidden name="id" id="id" value="{$id}" />
<input type=hidden name="pass" id="pass" value="{$pass}" />
<input type=submit name="submit" value="Proceed" />
</form>
<p>To finish signup now click below to continue</p>
<form action="https://sucs.org/signup/" method="post">
<p>To contiune signup now click below</p>
<form action="{$baseurl}/signup/" method="post">
<input type=hidden name="signupid" id="id" value="{$id}" />
<input type=hidden name="signuppw" id="pass" value="{$pass}" />
<input type=submit name="submit" value="Proceed" />
</form>
{elseif $mode=='numpty'}
<p>You appear to have completed this part of signup before, please check your emails for your signup ID and password. Alternatively click below to continue.</p>
<form action="https://sucs.org/signup/" method="post">
<input type=hidden name="signupid" id="id" value="{$id}" />
<input type=hidden name="signuppw" id="pass" value="{$pass}" />
<input type=submit name="submit" value="Proceed" />
</form>
{elseif $mode=='numpty2'}
<p>You appear to have already completed this step and registered with SUCS with the username <strong>{$username}</strong>.<br/>If you have forgotten your login password please email <a href='mailto:admin@sucs.org'>admin@sucs.org</a> or drop by the SUCS room and find an admin.</p>
{elseif $mode=='renew'}
<h1>Renewed</h1>
<p>Thankyou for renewing your membership, it has completed succesfully</p>
{else}
<h1>Error</h1>
<div class='errorbar'>
<strong>Error: </strong> {$error_text}
</div>
An error occured during signup, please email, with as much information as you can provide, <a href='mailto:admin@sucs.org'>admin@sucs.org</a> for assistance.
{/if}
{/if}
\ No newline at end of file